review-mining

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE (PROMPT_INJECTION, NO_CODE)
Full Analysis
  • [PROMPT_INJECTION]: The skill's primary function is to collect and analyze untrusted data from external review platforms like Trustpilot and Reddit. This establishes an indirect prompt injection attack surface where malicious text embedded in a review could potentially influence the agent's output.
    • Ingestion points: External review platforms (G2, Trustpilot, Reddit, etc.) mentioned in SKILL.md.
    • Boundary markers: The skill does not define specific delimiters or instructions to ignore potential commands within the collected reviews.
    • Capability inventory: The skill is strictly instructional and does not include subprocess calls, file-writing, or network scripts.
    • Sanitization: There are no instructions for sanitizing or validating the content retrieved from external sources.
  • [NO_CODE]: The skill is composed entirely of natural language instructions in Markdown format. It does not ship with any scripts, binaries, or package manifest files.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 17, 2026, 04:39 PM